Ask Your Question

Dissector: register a name for a ethertype

asked 2021-09-03 12:01:25 +0000

doragasu gravatar image

updated 2021-09-06 06:27:04 +0000

I am making a new dissector, that is triggered on an specific ethertype. I register it like this:


static dissector_handle_t foo_handle;

foo_handle = create_dissector_handle(dissect_foo_sos, proto_foo_sos);
dissector_add_uint("ethertype", FOO_PROTO_ETHERTYPE, foo_handle);


The dissector works great, but when browsing the capture, the llc.type type corresponding to the ethertype I am parsing, is shown as Type: Unknown (0x1234).

Is there a way to register a protocol name for this specific ethertype?

edit retag flag offensive close merge delete


Is that really your code? The "foo"s and the "wiyo"s don't seem to match up.

See the end of packet-aarp.c for a simple example.

Chuckc gravatar imageChuckc ( 2021-09-03 14:57:16 +0000 )edit

No, sorry, I have corrected it.

doragasu gravatar imagedoragasu ( 2021-09-06 06:27:19 +0000 )edit

2 Answers

Sort by ยป oldest newest most voted

answered 2021-09-03 20:51:12 +0000

Guy Harris gravatar image

You'd have to modify the etype_vals[] table in epan/dissectors/packet-ethertype.c and recompile Wireshark; unfortunately, there's currently no way for code outside Wireshark to add entries to that table.

edit flag offensive delete link more


Oh, that's unfortunate I cannot do it inside the dissector plugin. Thanks for digging into it!

doragasu gravatar imagedoragasu ( 2021-09-06 06:28:55 +0000 )edit

answered 2021-09-03 12:52:20 +0000

hugo.vanderkooij gravatar image

A quick dig around seems to indicate that you need to go for the source code. I found the ethertypes listed in an include file but no reference to a config file to add your own.

edit flag offensive delete link more


Too bad there is not an interface for plugins. Thanks!

doragasu gravatar imagedoragasu ( 2021-09-06 06:29:13 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2021-09-03 12:01:25 +0000

Seen: 101 times

Last updated: Sep 06